Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/netbsd-7-0]: src/crypto/external/bsd/openssl/dist/crypto Apply patch (re...

details:   https://anonhg.NetBSD.org/src/rev/c64ba4f9995c
branches:  netbsd-7-0
changeset: 801278:c64ba4f9995c
user:      snj <snj%NetBSD.org@localhost>
date:      Mon Feb 06 07:27:01 2017 +0000

description:
Apply patch (requested by spz in ticket #1352):
Fix CVE-2016-7056 and CVE-2017-3731.

diffstat:

 crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c     |  2 ++
 crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c |  2 ++
 2 files changed, 4 insertions(+), 0 deletions(-)

diffs (24 lines):

diff -r 935435a82798 -r c64ba4f9995c crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c
--- a/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c  Sun Feb 05 19:20:06 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/ecdsa/ecs_ossl.c  Mon Feb 06 07:27:01 2017 +0000
@@ -147,6 +147,8 @@
             if (!BN_add(k, k, order))
                 goto err;
 
+        BN_set_flags(k, BN_FLG_CONSTTIME);
+
         /* compute r the x-coordinate of generator * k */
         if (!EC_POINT_mul(group, tmp_point, k, NULL, NULL, ctx)) {
             ECDSAerr(ECDSA_F_ECDSA_SIGN_SETUP, ERR_R_EC_LIB);
diff -r 935435a82798 -r c64ba4f9995c crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c
--- a/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c      Sun Feb 05 19:20:06 2017 +0000
+++ b/crypto/external/bsd/openssl/dist/crypto/evp/e_rc4_hmac_md5.c      Mon Feb 06 07:27:01 2017 +0000
@@ -267,6 +267,8 @@
             len = p[arg - 2] << 8 | p[arg - 1];
 
             if (!ctx->encrypt) {
+                if (len < MD5_DIGEST_LENGTH)
+                    return -1;
                 len -= MD5_DIGEST_LENGTH;
                 p[arg - 2] = len >> 8;
                 p[arg - 1] = len;
Home | Main Index | Thread Index | Old Index